sshfs for sharing files

if you do not need access to the files when you are offline (or alternatively do not mind writing an rsync script) this solution might be for you. using sshfs only dawned upon me after having looked at several big software alternatives like owncloud. using this, you can mount a remote directory, which can be on encrypted space. file changes are immediately applied on the server. downsides are the same as with other self-hosted solutions: you have to manage the backups, server availability and software. for just serving files, for example media in a home network, it might be easier and sufficient to use an http server with autoindex and basic auth or limited ip access. also check out kodi

how to

on the server

create a dedicated user without a default shell and without any password

useradd shared --home-dir /home --shell /bin/false

for some reason, only using /home directly worked for me. sshd changes the directory automatically to /home/shared on login

mkdir /home/shared
chown root:root /home/shared
chmod 755 /home/shared

these owner and permissions are the only that worked for me, perhaps necessary for the chroot

in /etc/sshd_config

AuthorizedKeysFile /etc/ssh/authorized_keys/%u
Match User shared
  ChrootDirectory /home/shared
  ForceCommand internal-sftp

configure a chroot for the user, which is supposed to prevent the user from seeing and accessing files outside the specified directory. because i do not have the authorized_keys file in the home directory of the shared user, i store them in a directory /etc/ssh/authorized_keys, with one file per user. this is for enabling password-less, key-based login

mkdir /etc/ssh/authorized_keys
chmod 755 /etc/ssh/authorized_keys

then add public keys in that directory, named like the corresponding users. the directory and the files therein must be accessible by the users, the files only for the user it is for

  otheruser  shared

on the client

create or designate an ssh key and change the file name to have the username of the shared remote user at the end. this is so that ssh can select the right ssh key automatically when logging in and the path to the key does not have to be specified


in ~/.ssh/config

Host testserver
User shared
IdentityFile ~/.ssh/testserver.%r

the placeholder %r will be replaced by ssh with the username, which is either the username given explicitly on the command line, the default user configured in .ssh/config or the current user if none is configured

mount the remote directory

sshfs shared@testserver:/ /home/username/mnt/shared@testserver

i had some issues with finding the right path on the server to mount because of the chroot. the chroot and mount paths might require some tweaking


mount-sshfs-home from sph-script makes mounting with sshfs a little bit easier

usage example

mount-sshfs-home shared@testserver --path=/

the benefit is that the local mount directory is automatically selected, created and removed in the home directory. mnt/shared@testerver/